在C+；中为安全javascript activex控件继承IObjectSafetyImpl+；

我无法将我的控制设置为安全。 我发现了这一点，这解释了需要如何做。 我做了解释：

class myctrl: public COleControl, public IObjectSafetyImpl<myctrl,INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA>
{

“开始地图”给我带来麻烦，我不知道为什么。 它说“锁定”和“解锁”不是myctrl的成员。 我找不到任何与之相关的东西，也找不到我需要对这两位成员做什么 我还得到一个错误：

Error   3   error C2660: 'CCmdTarget::InternalQueryInterface' : function does not take 4 arguments

---

对于MFC COM，您需要向

COleControl

派生类添加一些样板代码。警告-一些大的复制/粘贴即将出现，请原谅打字错误

首先，在控件的头文件中添加以下内容

DECLARE_INTERFACE_MAP()
BEGIN_INTERFACE_PART(ObjectSafety, IObjectSafety)
    STDMETHOD(GetInterfaceSafetyOptions)(REFIID riid, DWORD __RPC_FAR *pdwSupportedOptions, DWORD __RPC_FAR *pdwEnabledOptions);
    STDMETHOD(SetInterfaceSafetyOptions)(REFIID riid, DWORD dwOptionSetMask, DWORD dwEnabledOptions);
END_INTERFACE_PART(ObjectSafety)

然后，在实现文件中，添加以下内容

BEGIN_INTERFACE_MAP(myctrl, COleControl)
    INTERFACE_PART(myctrl, IID_IObjectSafety, ObjectSafety)
END_INTERFACE_MAP()

// Implementation of IObjectSafety
STDMETHODIMP myctrl::XObjectSafety::GetInterfaceSafetyOptions(
    REFIID riid,
    DWORD __RPC_FAR *pdwSupportedOptions,
    DWORD __RPC_FAR *pdwEnabledOptions)
{
    METHOD_PROLOGUE_EX(myctrl, ObjectSafety)

        if (!pdwSupportedOptions || !pdwEnabledOptions)
        {
            return E_POINTER;
        }

        *pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
        *pdwEnabledOptions = 0;

        if (NULL == pThis->GetInterface(&riid))
        {
            TRACE("Requested interface is not supported./n");
            return E_NOINTERFACE;
        }

        // What interface is being checked out anyhow?
        OLECHAR szGUID[39];
        int i = StringFromGUID2(riid, szGUID, 39);

        if (riid == IID_IDispatch)
        {
            // Client wants to know if object is safe for scripting
            *pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
            return S_OK;
        }
        else if (riid == IID_IPersistPropertyBag
            || riid == IID_IPersistStreamInit
            || riid == IID_IPersistStorage
            || riid == IID_IPersistMemory)
        {
            // Those are the persistence interfaces COleControl derived controls support
            // as indicated in AFXCTL.H
            // Client wants to know if object is safe for initializing from persistent data
            *pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_DATA;
            return S_OK;
        }
        else
        {
            // Find out what interface this is, and decide what options to enable
            TRACE("We didn't account for the safety of this interface, and it's one we support.../n");
            return E_NOINTERFACE;
        } 
}
STDMETHODIMP myctrl::XObjectSafety::SetInterfaceSafetyOptions(
    REFIID riid,
    DWORD dwOptionSetMask,
    DWORD dwEnabledOptions)
{
    METHOD_PROLOGUE_EX(myctrl, ObjectSafety)

        OLECHAR szGUID[39];
    // What is this interface anyway?
    // We can do a quick lookup in the registry under HKEY_CLASSES_ROOT/Interface
    int i = StringFromGUID2(riid, szGUID, 39);

    if (0 == dwOptionSetMask && 0 == dwEnabledOptions)
    {
        // the control certainly supports NO requests through the specified interface
        // so it's safe to return S_OK even if the interface isn't supported.
        return S_OK;
    }

    // Do we support the specified interface?
    if (NULL == pThis->GetInterface(&riid))
    {
        TRACE1("%s is not support./n", szGUID);
        return E_FAIL;
    }


    if (riid == IID_IDispatch)
    {
        TRACE("Client asking if it's safe to call through IDispatch./n");
        TRACE("In other words, is the control safe for scripting?/n");
        if (INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwEnabledOptions)
        {
            return S_OK;
        }
        else
        {
            return E_FAIL;
        }
    }
    else if (riid == IID_IPersistPropertyBag
        || riid == IID_IPersistStreamInit
        || riid == IID_IPersistStorage
        || riid == IID_IPersistMemory)
    {
        TRACE("Client asking if it's safe to call through IPersist*./n");
        TRACE("In other words, is the control safe for initializing from persistent data?/n");

        if (INTERFACESAFE_FOR_UNTRUSTED_DATA == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_DATA == dwEnabledOptions)
        {
            return NOERROR;
        }
        else
        {
            return E_FAIL;
        }
    }
    else
    {
        TRACE1("We didn't account for the safety of %s, and it's one we support.../n", szGUID);
        return E_FAIL;
    }
}
STDMETHODIMP_(ULONG) myctrl::XObjectSafety::AddRef()
{
    METHOD_PROLOGUE_EX_(myctrl, ObjectSafety)
        return (ULONG)pThis->ExternalAddRef();
}
STDMETHODIMP_(ULONG) myctrl::XObjectSafety::Release()
{
    METHOD_PROLOGUE_EX_(myctrl, ObjectSafety)
        return (ULONG)pThis->ExternalRelease();
}
STDMETHODIMP myctrl::XObjectSafety::QueryInterface(
    REFIID iid, LPVOID* ppvObj)
{
    METHOD_PROLOGUE_EX_(myctrl, ObjectSafety)
        return (HRESULT)pThis->ExternalQueryInterface(&iid, ppvObj);
}

---

你混合了MFC COM和ATL COM，我不确定你会走得更远。请看一看。@RogerRowland这个控件曾经通过DllRegisterServer注册过，它工作得很好（链接中解释的第一个方法）。现在，我想将它从注册表中取出，并在IObjectSafety的控件中执行。但我不知道怎么做。我到底在混合什么？在VC++中进行COM有两种主要方法-一种是使用活动模板库（ATL），另一种是通过

COleControl

使用MFC。您使用了MFC路径，但您使用的链接仅用于ATL COM对象-完全不同的代码。我在回答中添加了一些MFC代码。谢谢。这绝对是一个进步。然而，一旦我继承了如下内容：

classmyctrl:public COleControl，public IObjectSafety

，我就会从

DECLARE\u DYNCREATE（myctrl）

和

IMPLEMENT\u DYNCREATE（myctrl）

引发错误：

错误1错误C2259:'myctrl'：无法实例化抽象类

，因此我改为

动态

，这解决了错误，但现在看来我的控制根本不起作用了。我无法用语言来形容你帮了我多少忙。我把ATL和MFC搞混了。这些代码都是从哪里来的？我想多了解一点。这个问题可能已经解决了，但老实说，这不是我开始的工作，而且我对该字段基本上一无所知。其中大部分内容似乎取自Microsoft的“SafeCtl.exe在ActiveX控件中实现IObjectSafety”示例-

BEGIN_INTERFACE_MAP(myctrl, COleControl)
    INTERFACE_PART(myctrl, IID_IObjectSafety, ObjectSafety)
END_INTERFACE_MAP()

// Implementation of IObjectSafety
STDMETHODIMP myctrl::XObjectSafety::GetInterfaceSafetyOptions(
    REFIID riid,
    DWORD __RPC_FAR *pdwSupportedOptions,
    DWORD __RPC_FAR *pdwEnabledOptions)
{
    METHOD_PROLOGUE_EX(myctrl, ObjectSafety)

        if (!pdwSupportedOptions || !pdwEnabledOptions)
        {
            return E_POINTER;
        }

        *pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
        *pdwEnabledOptions = 0;

        if (NULL == pThis->GetInterface(&riid))
        {
            TRACE("Requested interface is not supported./n");
            return E_NOINTERFACE;
        }

        // What interface is being checked out anyhow?
        OLECHAR szGUID[39];
        int i = StringFromGUID2(riid, szGUID, 39);

        if (riid == IID_IDispatch)
        {
            // Client wants to know if object is safe for scripting
            *pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
            return S_OK;
        }
        else if (riid == IID_IPersistPropertyBag
            || riid == IID_IPersistStreamInit
            || riid == IID_IPersistStorage
            || riid == IID_IPersistMemory)
        {
            // Those are the persistence interfaces COleControl derived controls support
            // as indicated in AFXCTL.H
            // Client wants to know if object is safe for initializing from persistent data
            *pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_DATA;
            return S_OK;
        }
        else
        {
            // Find out what interface this is, and decide what options to enable
            TRACE("We didn't account for the safety of this interface, and it's one we support.../n");
            return E_NOINTERFACE;
        } 
}
STDMETHODIMP myctrl::XObjectSafety::SetInterfaceSafetyOptions(
    REFIID riid,
    DWORD dwOptionSetMask,
    DWORD dwEnabledOptions)
{
    METHOD_PROLOGUE_EX(myctrl, ObjectSafety)

        OLECHAR szGUID[39];
    // What is this interface anyway?
    // We can do a quick lookup in the registry under HKEY_CLASSES_ROOT/Interface
    int i = StringFromGUID2(riid, szGUID, 39);

    if (0 == dwOptionSetMask && 0 == dwEnabledOptions)
    {
        // the control certainly supports NO requests through the specified interface
        // so it's safe to return S_OK even if the interface isn't supported.
        return S_OK;
    }

    // Do we support the specified interface?
    if (NULL == pThis->GetInterface(&riid))
    {
        TRACE1("%s is not support./n", szGUID);
        return E_FAIL;
    }


    if (riid == IID_IDispatch)
    {
        TRACE("Client asking if it's safe to call through IDispatch./n");
        TRACE("In other words, is the control safe for scripting?/n");
        if (INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwEnabledOptions)
        {
            return S_OK;
        }
        else
        {
            return E_FAIL;
        }
    }
    else if (riid == IID_IPersistPropertyBag
        || riid == IID_IPersistStreamInit
        || riid == IID_IPersistStorage
        || riid == IID_IPersistMemory)
    {
        TRACE("Client asking if it's safe to call through IPersist*./n");
        TRACE("In other words, is the control safe for initializing from persistent data?/n");

        if (INTERFACESAFE_FOR_UNTRUSTED_DATA == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_DATA == dwEnabledOptions)
        {
            return NOERROR;
        }
        else
        {
            return E_FAIL;
        }
    }
    else
    {
        TRACE1("We didn't account for the safety of %s, and it's one we support.../n", szGUID);
        return E_FAIL;
    }
}
STDMETHODIMP_(ULONG) myctrl::XObjectSafety::AddRef()
{
    METHOD_PROLOGUE_EX_(myctrl, ObjectSafety)
        return (ULONG)pThis->ExternalAddRef();
}
STDMETHODIMP_(ULONG) myctrl::XObjectSafety::Release()
{
    METHOD_PROLOGUE_EX_(myctrl, ObjectSafety)
        return (ULONG)pThis->ExternalRelease();
}
STDMETHODIMP myctrl::XObjectSafety::QueryInterface(
    REFIID iid, LPVOID* ppvObj)
{
    METHOD_PROLOGUE_EX_(myctrl, ObjectSafety)
        return (HRESULT)pThis->ExternalQueryInterface(&iid, ppvObj);
}